If you have a Windows Network Policy Server aka RADIUS, you have to deal with certificates from time to time. When a certificate expires on your NPS server it can be a real problem to locate where NPS hides the certificate settings.
- Obtain or Create a Certificate:
Ensure you have a valid certificate that includes Server Authentication. This can be obtained from a trusted Certificate Authority (CA) or generated internally using a Windows CA - Install the Certificate:
The certificate should be installed in the NPS servers local computer’s PERSONAL STORE - Launch the Network Policy Server (NPS) Console:
Click START and type NPS, the click on NPS console - Configure the Certificate:
In the NPS console, expand POLICIES > NETWORK POLICIES
Select the relevant policy for your VPN or wireless connections (create a new policy if one doesn’t exist)
Click the CONSTRAINTS tab
Click AUTHENTICATION METHODS
Ensure Microsoft: Protected EAP (PEAP) or Smart Card or other certificate is selected
Click the EDIT button
In the PEAP Properties or EAP Properties window, click on the Certificate issued dropdown
Select the correct certificate from the list. If the certificate is not listed, ensure it has been correctly installed in the personal store and has the proper EKU (Enhanced Key Usage) - Apply and Confirm Settings:
After selecting the certificate, click OK to apply the settings. Confirm that the NPS server is now using the correct certificate for authentication
0 Comments